Describe the bug
In pgp/yubikey.go lines 386-387, the writeMPI() function ignores write errors using //nolint:errcheck:
w.Write(buf) //nolint:errcheck
w.Write(data) //nolint:errcheck
These write operations could fail silently if buffer capacity is reached or I/O errors occur, producing invalid OpenPGP signatures without error indication.
To reproduce
- Trigger PGP signature generation with Yubikey
- If buffer writes fail (simulated via full buffer), signatures corrupt silently
- No error returned to caller
Expected behavior
Write errors should be checked and propagated:
if _, err := w.Write(buf); err != nil {
return err
}
if _, err := w.Write(data); err != nil {
return err
}Screenshots
N/A
Additional context
- File:
pgp/yubikey.go
- Lines: 386-387
- Severity: High - silent signature corruption possible
- Fix complexity: Easy - add error checks and propagate
Describe the bug
In
pgp/yubikey.golines 386-387, thewriteMPI()function ignores write errors using//nolint:errcheck:These write operations could fail silently if buffer capacity is reached or I/O errors occur, producing invalid OpenPGP signatures without error indication.
To reproduce
Expected behavior
Write errors should be checked and propagated:
Screenshots
N/A
Additional context
pgp/yubikey.go